IE9 Blocks Malware, But Older Versions Are Vulnerable

It's one step forward and one back for security on Microsoft's Internet Explorer browser. A new report from a security firm found that IE9 beta offers "vastly" more protection from malware than other browsers, while Microsoft on Wednesday issued a warning that there is a vulnerability in IE 6, 7 and 8 that could allow someone to take remote control of the computer.

The software giant said there is no evidence this vulnerability has actually been used. The attack could be hidden as malicious code in a web page, and involves the way computer memory is managed when the browser processes Cascading Style Sheets. CSS is widely utilized to control how a page is presented. Microsoft has issued updates to fix the memory management problem, but now it appears the updates aren't completely effective. While it works on a more permanent fix, the company has recommended the use of a free Enhanced Mitigation Experience Toolkit that it offers. But, the company said, "the issue does not currently meet the criteria" for an out-of-cycle fix.

The company said IE Protected Mode on Windows Vista and Windows 7 "helps to limit the impact" of this vulnerability. But according to some security researchers, the vulnerability can still be exploited on up-to-date Windows 7 and Vista computers.

Meanwhile, NSS Labs has tested various browsers against live malware threats and found that IE9 beta caught what it called an "exceptional" 99 percent of live threats.

IE9 has both SmartScreen URL filtering and the new SmartScreen Application Regulation service, the combination of which NSS Labs credited for the good performance. The report also found that the presence of SmartScreen URL filtering in IE8 increased that browser's protection, but not as much as IE9.

The report said IE 9 was "by far the best at protecting against socially engineered malware," in that it had "a far superior malware identification, collection and classification method."

The next best browser for this protection was Mozilla 3.6, which captured 19 percent of live threats.

Other browsers tested included Apple's Safari 5, which found 11 percent of threats, Google's Chrome 6 with only three percent, and Opera 10 in last place, capturing none at all. The testing involved NSS Labs assessing whether a browser would block potentially malicious URLs in at least one run, with new URLs added each day.